Tuesday, 14 January 2014 01:41

Warning for Aussie companies, govt agencies on new Privacy Act


Australian organisations risk financial and reputational damage if they fail to meet the challenges of the new Australian Privacy Act changes to take effect from March this year, according to the APAC chief of a major identity services firm.

Centrify Regional Director APAC Matt Ramsay has warned that the changes risk the cost and compliance challenges of the Sarbanes-Oxley (SOX) legislation in the US. “While SOX has raised the compliance bar for corporate reporting, it has had the unintended impact of creating a lot of uncertainty because of its lack of precision.”

“SOX compliance costs and complexity have run out of control in the US during the past decade. The SOX legislation is prescriptive without being descriptive: It tells you to jump, but not how high. As a result, US corporations need to jump a very high bar indeed to avoid the threat of non-compliance.”

Taking effect from March, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 implements a new set of harmonised privacy principles to regulate the handling of personal information by both Australian businesses and government agencies.

Ramsay said the SOX law, enacted in 2002, had strengthened compliance standards for US public company boards, management and public accounting firms by requiring top managers to individually certify the accuracy of financial information, applying more severe penalties for fraudulent financial activity.

“From March, Australian organisations will face the same challenge from the new privacy legislation – the requirement to ‘take reasonable steps’ to demonstrate compliance without a clear understanding of exactly what is required. Penalties range from $340,000 for an individual to $1.7 million for an agency, in addition to reputational brand damage that may result from such an investigation.”

Ramsay said both public and private sector organisations should take special note of key changes to the law and act now to prepare for these changes. “From my review, it is clear that three key principles from this new privacy protection legislation are particularly relevant to IT Security.

“For example, APP 1 requires open and transparent management of personal information. Entities ‘must’ take ‘reasonable’ steps to implement practices, procedures and systems relating to the privacy code.

“What makes this smell a little ‘SOXish’ is the imprecision of the term ‘reasonable steps’ to control such a broad area as data access and control, which are essential aspects of information security and cooperation between IT, legal, risk and executive management without any specific guidance as to which internal controls must be assessed.”

According to Ramsay, the compliance challenges posed by the new act were exacerbated by two major technology trends - cloud services and mobility.

“Highly-connected pocket-sized devices coupled with Cloud-enabled enterprise applications make private details potentially more accessible and more vulnerable than at any time in our history.

“For organisations to successfully comply with this new legislative environment, they need to ask not only ‘what private information should we protect?’ but ‘who has access and how should we protect it?’”

To comply with the new Australian Privacy Principles without onerous costs and complexity, Ramsay said organisations needed to precisely manage individual identities by embracing approaches such as Single Sign On (SSO) authentication and least privilege access controls. “SSO provides a real-time corporate roadmap of an organisation’s APP compliance.

“SSO can also free your staff from needing to remember usernames and passwords and greatly simplify de-provisioning Cloud apps by tying all logons back to a single identity store such as Microsoft Active Directory,” Ramsay concluded.



Peter Dinham

Peter Dinham - retired in 2020. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
